It is hard to use NetMon for more than just viewing in case when there is a need to play with DCOM data programmatically.

I am going to show below an alternative way of researching DCOM by replacing NT security DLL. After putting our transparent DLL on top of a system one we are going to try to address
multihomed server slow activation issue.
Currently there are no solutions of multihomed server activation delay available.
All suggestions end at swapping network cards or disabling DCOM on one of the IP addresses which obviously do not work for architectures requiring DCOM on both networks.

Replacing NT Security DLL

To allow applications to have standard access to a variety of security protocols, NT security DLL exposes common
security support provider interface [SSPI].
(Actually the real DLL has three additional undocumented functions: NtLmSspControl, SealMessage and UnsealMessage.)
To allow custom security control MS RPC has the following two registry entries:

HKLM\Software\Microsoft\Rpc\SecurityService\10 and

HKLM\Software\Microsoft\Rpc\SecurityService\DefaultProvider.

Both entries are set to security.dll by default.
Edit them to point to our AKSecurity.dll and reboot the computer.
By doing that we do not extend nor replace the standard NT SSPI.
Our DLL is absolutely transparent.
Being loaded it loads the original NT security.dll and passes all the calls to it.
In addition our DLL provides an extensive logging of security buffers passed to MakeSignature and VerifySignature functions.
In particular I have expanded remote activation logging to the extent I could.

Investigating DCOM Multihomed Server Slow Activation

Multihomed computer has more than one IP address.
In case of remote server activation on multihomed computer the strings are bind to all (two in our case) addresses:

Microsoft OXID resolver uses simplified sequential algorithm to discover which IP address is accessible from the client.
It pings the first address until the given timeout occurs. Then it tries the next one...
If the first IP address is not visible from the client the default activation delay is going to be around 34 seconds over UDP and couple of minutes over TCP.
The parallel OXID resolver algorithm could send requests to all IP addresses simultaneously and catch the first responded.
Even the sequential algorithm could be optimized by sorting IP addresses based on some criteria.

Swapping Bindings on Client

Let's try to use our DLL for a little more than just logging.
When it is getting loaded let it find out its local IP address and store it in some global variable:

Downloads

Comments

Can't compile

I open the .DSP file in Visual Studio 6, and press [F7] to compile the .DLL. I receive 45 errors and 4 warnings. Is anyone able to compile, and repost the .DLL? Or, suggest what to reconfigure in VS6 so I can compile this .DLL myself?

Top White Papers and Webcasts

U.S. companies are desperately trying to recruit and hire skilled software engineers and developers, but there is simply not enough quality talent to go around. Tiempo Development is a nearshore software development company. Our headquarters are in AZ, but we are a pioneer and leader in outsourcing to Mexico, based on our three software development centers there. We have a proven process and we are experts at providing our customers with powerful solutions. We transform ideas into reality.

When individual departments procure cloud service for their own use, they usually don't consider the hazardous organization-wide implications. Read this paper to learn best practices for setting up an internal, IT-based cloud brokerage function that service the entire organization. Find out how this approach enables you to retain top-down visibility and control of network security and manage the impact of cloud traffic on your WAN.